2013-18947. Facility Security Clearance and Safeguarding of National Security Information and Restricted Data  

  • Start Preamble

    AGENCY:

    Nuclear Regulatory Commission.

    ACTION:

    Direct final rule.

    SUMMARY:

    The U.S. Nuclear Regulatory Commission (NRC) is updating its regulations to standardize the frequency of required security education training for employees of NRC licensees possessing security clearances so that such training will be conducted annually consistent with the objectives of Executive Order 13526, Classified National Security Information. The rule allows licensees flexibility in determining the means and methods for providing this training. This action establishes uniformity in the frequency of licensee security education and training programs and enhances the protection of classified information.

    DATES:

    This rule is effective October 21, 2013 unless significant adverse comments are received by September 6, 2013.

    ADDRESSES:

    Please refer to Docket ID NRC-2011-0268 when contacting the NRC about the availability of information for this direct final rule. You may access information and comment submittals related to this direct final rule, which the NRC possesses and is publicly available, by any of the following methods:

    • Federal Rulemaking Web site: Go to http://www.regulations.gov and search for Docket ID NRC-2011-0268. Address questions about NRC dockets to Carol Gallagher; telephone: 301-287-3422; email: Carol.Gallagher@nrc.gov. For technical questions, please contact the individual listed in the FOR FURTHER INFORMATION CONTACT section of this proposed rule.
    • NRC's Agencywide Documents Access and Management System (ADAMS): You may access publicly available documents online in the NRC Library at http://www.nrc.gov/​reading-rm/​adams.html. To begin the search, select “ADAMS Public Documents” and then select “Begin Web-based ADAMS Search.” For problems with ADAMS, please contact the NRC's Public Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or by email to pdr.resource@nrc.gov. The ADAMS accession number for each document referenced in this document (if that document is available in ADAMS) is provided the first time that a document is referenced.
    • NRC's PDR: You may examine and purchase copies of public documents at the NRC's PDR, Room O1-F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland 20852.
    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Daniel W. Lenehan, Office of the General Counsel, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; telephone: 301-415-3501, email: Daniel.Lenehan@nrc.gov.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    I. Background

    II. Discussion

    III. Section-by-Section Analysis

    IV. Procedural Background

    V. Compatibility of Agreement State Regulations

    VI. Plain Writing

    VII. Voluntary Consensus Standards

    VIII. Environmental Impact: Categorical Exclusion

    IX. Paperwork Reduction Act Statement

    X. Regulatory Analysis

    XI. Regulatory Flexibility Act Certification

    XII. Backfitting

    XIII. Congressional Review Act

    I. Background

    On December 29, 2009, the President signed Executive Order 13526, Classified National Security Information, which was published in the Federal Register on January 5, 2010 (75 FR 707). The Executive Order prescribes training requirements applicable to the NRC for the proper safeguarding of national security information and requires the NRC to ensure that classified information disseminated outside the executive branch is protected “in a manner equivalent to that provided within the executive branch.” The Information Security Oversight Office (ISOO) within the National Archives and Records Administration, which is responsible for issuing guidance to Federal agencies on the implementation of the Executive Order, issued a final rule (75 FR 37254; June 28, 2010) amending 32 CFR parts 2001 and 2003 (ISOO Regulations). The final rule requires executive branch agencies to conduct classified information security refresher briefings for all cleared employees at least annually, and to provide derivative classification training for employees authorized to apply derivative classifications prior to exercising such authority and at least once every 2 years thereafter. This rulemaking will establish standard training requirements for NRC licensee security education and Start Printed Page 48038training programs in a manner equivalent to that provided within the executive branch.

    II. Discussion

    The NRC is issuing this direct final rule to update part 95 of Title 10 of the Code of Federal Regulations (10 CFR), Facility Security Clearance and Safeguarding of National Security Information and Restricted Data, § 95.33, Security Education. These updates require NRC licensees (or their designees) to conduct classified information security refresher briefings for all cleared employees at least annually, and to provide derivative classification training for employees authorized to apply derivative classifications before exercising this authority and then at least once every 2 years thereafter. This rule also gives licensees flexibility in determining the means and methods for providing this training. The NRC regulations at 10 CFR 95.33 currently require NRC licensees, or their designees, to conduct classified information security refresher briefings for all cleared employees every 3 years. These regulations do not mandate a uniform training frequency for derivative classifiers.

    The NRC has determined that requiring cleared licensee employees to undergo classified information security refresher briefings at least annually and standardizing the derivative classification training for licensee employees enhances the protection of classified information by ensuring that cleared individuals are properly aware of their responsibilities to protect classified information and conform NRC regulations with executive branch policies.

    Section 4.1(e) of Executive Order 13526, Classified National Security Information (75 FR 707; January 5, 2010) (the Executive Order) requires the NRC to ensure that classified information disseminated outside the executive branch is protected “in a manner equivalent to that provided within the executive branch.” The Information Security Oversight Office (ISOO) within the National Archives and Records Administration is responsible for issuing guidance to Federal agencies on the implementation of the Executive Order. On June 28, 2010, ISOO issued a final rule (75 FR 37254; June 28, 2010; amending 32 CFR parts 2001 and 2003 (ISOO Regulations)). The ISOO Regulations require executive branch agencies to conduct classified information security refresher briefings for all cleared employees at least annually, and to provide derivative classification training for employees authorized to apply derivative classifications prior to exercising such authority and at least once every 2 years thereafter. This rulemaking will standardize the frequency of required security education training for NRC licensee employees possessing security clearances in a manner equivalent to that provided within the executive branch.

    This direct final rule will establish standard training requirements for NRC licensee security education and training programs. Implementation of this rule will enhance the protection of classified information, and ensure the protection of classified information in a manner equivalent to that provided within the executive branch. Current NRC regulations only require refresher security education and training once every 3 years for all NRC licensee personnel who handle or generate classified information. Updating 10 CFR 95.33 to require annual training will enhance the protection of classified information by ensuring that all NRC licensee employees who create, process, or handle classified information have a satisfactory knowledge and understanding of classification, safeguarding, and declassification policies and procedures.

    Additionally, the current text of 10 CFR 95.33 does not provide for education and training of NRC licensee personnel authorized to apply derivative classification markings. This rulemaking enhances the protection of classified information through uniform training requirements for derivative classifiers. The uniform standard will have the beneficial effect of reducing instances of over-classification or improper classification, improper safeguarding, and inappropriate or inadequate declassification practices.

    Finally, these updated requirements are equivalent to requirements applicable to the Commission itself via the Executive Order and the ISOO Regulations. The NRC has determined that the updated requirements in this final rule are consistent with the NRC obligation, stated in Section 4.1(e) of the Executive Order, to ensure that the protection of classified information by NRC licensees is performed in a manner equivalent to that required within the executive branch.

    III. Section-by-Section Analysis

    The initial paragraph of 10 CFR 95.33, Security education, is amended to state that program officials are responsible for determining the methods for providing security education and training. This requirement is equivalent to requirements applicable to the Commission pursuant to 32 CFR 2001.70(c).

    A new paragraph (e) has been added to specify that access by licensees' employees to classified information is subject to a favorable eligibility determination, signing an approved non-disclosure agreement and the employee's need-to-know. This requirement is equivalent to requirements applicable to the Commission pursuant to Section 4.1(a) of the Executive Order.

    Current paragraph (e) is redesignated as paragraph (f) and revised to specify that initial security training will be provided to every person who has met the criteria set forth in new paragraph (e) before being granted access to classified information. This requirement is equivalent to requirements applicable to the Commission pursuant to 32 CFR 2001.70(d)(1).

    Current paragraph (f) is redesignated as paragraph (g) and revised to specify that the requirement for conducting refresher briefings for all of a licensee's cleared employees is changed from every 3 years to at least annually. This requirement is equivalent to requirements applicable to the Commission pursuant to 32 CFR 2001.70(d)(4).

    Current paragraph (g) is redesignated as paragraph (i) and former paragraph (h) is redesignated as paragraph (j).

    New paragraph (h) specifies that derivative classifiers are to receive training prior to derivatively classifying information and at least once every 2 years. This requirement is equivalent to requirements applicable to the Commission pursuant to 32 CFR 2001.70(d)(3).

    Minor editorial changes were also made to § 95.33.

    IV. Procedural Background

    Because the NRC considers this action to be non-controversial, the NRC is using the direct final rule process for this rule. The amendments in this rule will become effective on October 21, 2013. However, if the NRC receives significant adverse comments on this direct final rule by September 6, 2013, then the NRC will publish a document that withdraws this action and will subsequently address the comments received in a final rule as a response to the companion proposed rule published elsewhere in this issue of the Federal Register. Absent significant modifications to the proposed revisions requiring republication, the NRC will not initiate a second comment period on this action.

    A significant adverse comment is a comment where the commenter Start Printed Page 48039explains why the rule would be inappropriate, including challenges to the rule's underlying premise or approach, or would be ineffective or unacceptable without a change. A comment is adverse and significant if:

    (1) The comment opposes the rule and provides a reason sufficient to require a substantive response in a notice-and-comment process. For example, a substantive response is required when:

    (A) The comment causes the NRC to reevaluate (or reconsider) its position or conduct additional analysis;

    (B) The comment raises an issue serious enough to warrant a substantive response to clarify or complete the record; or

    (C) The comment raises a relevant issue that was not previously addressed or considered by the NRC.

    (2) The comment proposes a change or an addition to the rule and it is apparent that the rule would be ineffective or unacceptable without incorporation of the change or addition.

    (3) The comment causes the NRC to make a change (other than editorial) to the rule.

    For detailed instruction on submitting a comment, please see the companion proposed rule published elsewhere in this issue of the Federal Register.

    V. Compatibility of Agreement State Regulations

    Under the “Policy Statement on Adequacy and Compatibility of Agreement State Programs,” approved by the Commission on June 30, 1997, and published in the Federal Register on September 3, 1997 (62 FR 46517), this rule is classified as Compatibility Category “NRC.” Compatibility is not required for Category “NRC” regulations. The NRC program elements in this category are those that relate directly to areas of regulation reserved to the NRC by the Atomic Energy Act of 1954, as amended, or the provisions of 10 CFR. Although an Agreement State may not adopt program elements reserved to the NRC, it may wish to inform its licensees of certain requirements via a mechanism that is consistent with the particular State's administrative procedure laws but does not confer regulatory authority on the State.

    VI. Plain Writing

    The Plain Writing Act of 2010 (Pub. L. 111-274) requires Federal agencies to write documents in a clear, concise, and well-organized manner. The NRC has written this document to be consistent with the Plain Writing Act as well as the Presidential Memorandum, “Plain Language in Government Writing,” published June 10, 1998 (63 FR 31883).

    VII. Voluntary Consensus Standards

    The National Technology Transfer and Advancement Act of 1995, Public Law 104-113, requires Federal agencies to use technical standards developed or adopted by voluntary consensus standards bodies unless the use of such a standard is inconsistent with applicable law or is otherwise impractical. This direct final rule amends the frequency of the training required for employees of NRC licensees handling classified information. This action is administrative in nature and does not involve the establishment or application of a technical standard containing generally applicable requirements.

    VIII. Environmental Impact: Categorical Exclusion

    The NRC has determined that this direct final rule is the type of action described in categorical exclusions 10 CFR 51.22(c)(1), (2), and (3)(iv). Therefore, neither an environmental impact statement nor an environmental assessment has been prepared for this direct final rule.

    IX. Paperwork Reduction Act Statement

    This direct final rule does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing requirements were approved by the Office of Management and Budget (OMB), approval number 3150-0047.

    Public Protection Notification

    The NRC may neither conduct nor sponsor, and a person is not required to respond to, an information collection request or requirement unless the requesting document displays a currently valid OMB control number.

    X. Regulatory Analysis

    The NRC has prepared a regulatory analysis on this regulation. The analysis examines the costs and benefits of the alternatives considered by the NRC.

    Statement of the Problem and Reasons for the Rulemaking

    The NRC regulations in 10 CFR part 95 establish procedures for safeguarding Secret and Confidential National Security Information and Restricted Data received or developed in conjunction with activities licensed, certified, or regulated by the Commission. The requirements set forth in 10 CFR 95.33 currently require security refresher training for all cleared employees every 3 years. However, they do not address initial or refresher training for persons who apply derivative classification markings.

    The NRC has determined that requiring cleared employees of NRC licensees to undergo classified information security refresher briefings at least annually and standardizing the derivative classification training for cleared employees of NRC licensees will enhance the protection of classified information. Annual classified information security refresher briefings will help ensure that cleared employees of NRC licensees have adequate knowledge and understanding of proper classification policies and procedures and thereby help reduce instances of improper processing, handling, storage, and declassification of classified information. Standardized derivative classification training will help ensure that cleared employees of NRC licensees will have a proper understanding of derivative classification policies and procedures and thereby help reduce instances of improper classification of derivative documents containing classified information.

    Furthermore, this rulemaking will bring the requirements for licensee protection of classified information into alignment with two new requirements imposed on the Commission for the protection of classified information by Executive Order 13526 and the ISOO Regulations implementing the requirements of the Executive Order set forth at 32 CFR part 2001.

    The Executive Order and the ISOO Regulations at 32 CFR 2001.70(d)(3) specify that Federal government employees who “apply derivative classification markings shall receive training in the proper application of the derivative classification principles of the Executive Order prior to derivatively classifying information and at least once every 2 years.” Additionally, 32 CFR 2001.70(d)(4) directs each U.S. Government agency to “provide some form of refresher security education and training at least annually for all its personnel who handle or generate classified information.”

    The purpose of this rulemaking is twofold. First, this rulemaking ensures that classified information possessed or accessed by employees of NRC licensees is effectively safeguarded. The NRC has determined that successful safeguarding of classified information requires effective security education and training programs. The NRC has further determined that updating its 10 CFR part 95 security education and training programs to achieve parity with the Start Printed Page 48040Executive Order and the ISOO Regulations is necessary to ensure these programs are effective. Second, this rulemaking “ensure[s] the protection of [classified] information in a manner equivalent to that provided within the executive branch,” as required by Section 4.1(e) of the Executive Order by updating training requirements applicable to licensees to be equivalent to training requirements applicable to the Commission itself.

    Background

    Regulatory Objective

    The NRC objective for this final rule is to require that all cleared employees of NRC licensees receive security refresher training on an annual basis. In addition, all licensee employees who apply derivative classification markings shall receive training in their derivative classification duties prior to derivatively classifying information and at least once every 2 years thereafter.

    Identification and Preliminary Analysis of Alternative Approaches

    No-Action Alternative: Under this option, the NRC would not amend the current regulations under 10 CFR part 95 to require security refresher training every year rather than every 3 years. The NRC would also not amend the current regulations under 10 CFR part 95 to require training for derivative classifiers prior to derivatively classifying information and at least once every 2 years. This option would avoid certain costs that the rule will impose. However, taking no action would mean that licensees who handle and store classified information are not protecting that information in accordance with the requirements the NRC considers necessary to be consistent with the objectives of Executive Order 13526 to enhance the adequate protection of classified information consistent with the goal of protecting national security. This no-action alternative is the baseline for this regulatory analysis.

    Estimate and Evaluation of Values and Impacts

    Overview: This final rule revises the governing regulations under 10 CFR part 95 to require licensees to handle classified information in the same manner as is required of employees of Federal agencies by the Executive Order. This rulemaking adds value because it ensures those licensees who are handling and derivatively marking classified information are appropriately trained in the protection of classified information in accordance with current federal standards and requirements.

    Impacts on Licensees: Impacts upon licensees from this final rule will be minimal. Only the three 10 CFR part 70 licensees and one Part 76 Certificate holder, for which the NRC is the Cognizant Security Agency (CSA), would be affected by the rule. A fourth 10 CFR part 70 licensee will be affected later this year when it becomes a possessor of classified matter. Of those three, two already commit in their internal procedures to annual security education briefings of all their employees and are conducting initial and refresher training of their employees who apply derivative classification markings more frequently than every 2 years. The other licensee is conducting annual refresher training and training its derivative classifiers at least every 2 years but does not commit to those requirements in its security program. It is estimated that there will be no one-time cost associated with amending their licenses through security plan changes since the only change is from three years to annually. Two of the three licensees have contractors who possess classified information and therefore, have their own independent security plans. It is estimated that there will also be no one-time cost associated with amending their licenses through security plan changes since the only change is from three years to annually. Since the majority of the training is administered electronically, there is little to no cost of preparing and administering the training sessions. Those 10 CFR part 50 licensees who only access classified information but do not possess it will be impacted minimally from the increase in frequency of security education briefings, since those licensees only have three to five employees who are cleared to access classified information. The associated security plan change would merely update the frequency of refresher training from 3 years to annually. In addition, none of their employees are derivative classifiers.

    Impacts on the NRC: The primary impact on the NRC will be the resources expended in conducting this rulemaking and reviewing the amended security plans and programs. The staff time to review revisions to security plans and programs to ensure commitment to the new requirements is minimal. It is estimated that this will require no more than 20 hours and will be accomplished by existing staff as part of their normal workload.

    Impacts on Other Stakeholders: The NRC staff has identified one impact to other stakeholders. Those contractors that support licensees who handle classified information but are not cleared for storage will have to amend their security plans to change the frequency of refresher training from 3 years to annually. These contractors are not required to have derivative classifiers.

    XI. Regulatory Flexibility Act Certification

    Under the Regulatory Flexibility Act, 5 U.S.C 605(b), the Commission certifies that this direct final rule amending 10 CFR part 95 does not have a significant economic impact on a substantial number of small entities. This direct final rule applies to those licensees who generate, receive, safeguard, and store National Security Information or Restricted Data (as defined in 10 CFR part 95). The requirements in this direct final rule apply to licensees who operate power reactors as well as licensees operating fuel cycle facilities. None of these licensees are “small entities” as defined in the Regulatory Flexibility Act or the size standards established by the NRC (10 CFR 2.810). This direct final rule also applies to contractors of those licensees required to comply with this direct final rule who generate, receive, safeguard, and store National Security Information or Restricted Data (as defined in 10 CFR part 95), received or developed in conjunction with activities licensed, certified, or regulated by the Commission. Some of these contractors may be “small entities” as defined in the Regulatory Flexibility Act or the NRC's size standards. However, the impact on these contractors is not significant because it is the licensees, not the contractors, who are required to offer the training and absorb its costs.

    XII. Backfitting

    This direct final rule will apply to all NRC licensees who receive or possess Classified National Security Information. The NRC has determined that the modifications constitute backfitting as defined in 10 CFR 50.109 for power reactors, 10 CFR 76.76 for gaseous diffusion plants, 10 CFR 72.62 for independent spent fuel storage installations or monitored retrievable storage installations, and 10 CFR 70.76 for special nuclear material licensees. Consequently, the NRC has prepared the following backfit analysis. The Commission has determined that there will be a substantial increase in the overall common defense and security derived from the backfit, and that the direct and indirect costs that will result from the implementation of the backfit are justified.Start Printed Page 48041

    A Statement of the Specific Objectives That the Backfit is Designed to Achieve.

    The Commission is amending its regulations at 10 CFR 95.33 to update the frequency of training requirements applicable to licensees in order to enhance the protection of classified information, and to ensure that there is no discrepancy in the level of protection afforded such information regardless of whether it is in the possession of the NRC or of its licensees. The objective of the backfit is to ensure that protection of Secret and Confidential National Security Information and Restricted Data received or developed in conjunction with activities licensed, certified, or regulated by the Commission, in the possession of Commission licensees is enhanced and is as well protected as such information would be if it was in the hands of the Commission itself.

    A General Description of the Activity That Would Be Required of the Licensee or the Applicant To Complete the Backfit.

    Licensee personnel who apply derivative classification markings will receive training in the proper application of the derivative classification principles, with an emphasis on avoiding over-classification, at least once every 2 years. In addition, licensees will be required to provide some form of refresher security education and training at least annually for all of its personnel who handle or generate classified information.

    The Potential Change in the Risk to the Public From the Accidental Offsite Release of Radioactive Material.

    None.

    The Potential Impact on the Radiological Exposure of Facility Employees.

    None.

    The Installation and Continuing Costs Associated With the Backfit, Including the Cost of Facility Downtime or the Cost of Construction Delay.

    Impacts upon licensees from this direct final rule will be minimal. There are only three 10 CFR part 70 licensees and one Part 76 Certificate holder who possess classified information. A fourth 10 CFR part 70 licensee will be affected later this year when it becomes a possessor of classified matter. Of those three, two already commit in their internal procedures to annual security education briefings of all their employees and are conducting initial and refresher training of their employees who apply derivative classification markings more frequently than every 2 years. The other licensee is conducting annual refresher training and training its derivative classifiers at least every 2 years but does not commit to those requirements in its security program. It is estimated that there will be no one-time cost associated with amending licenses through security plan changes since the only change is from three years to annually. Two of the three licensees have contractors who possess classified information and therefore, have their own independent security plans. It is estimated that there will also be no one-time cost associated with amending licenses through security plan changes ranges since the only change is from three years to annually. Since the majority of the training is administered electronically, there is little to no cost of preparing and administering the training sessions. Those 10 CFR part 50 licensees who only access classified information but do not posses it will be impacted minimally from the increase in frequency of security education briefings since those licensees only have three to five employees who are cleared for access to classified information. The associated security plan change would merely update the frequency of refresher training from 3 years to annually. In addition, none of their employees are derivative classifiers.

    The NRC staff has identified one impact to other stakeholders. Those contractors that support licensees who handle classified information but are not cleared for storage will have to amend their security plans to change the frequency of refresher training from 3 years to annually. These contractors are not required to have derivative classifiers.

    The Potential Safety Impact of Changes in Plant or Operational Complexity, Including the Relationship to Proposed and Existing Regulatory Requirements.

    None.

    The Estimated Resource Burden on the NRC Associated With the Backfit and the Availability of NRC Resources.

    The primary impact on the NRC will be the resources expended in conducting this rulemaking and reviewing the amended security plans and programs. The staff time to review revisions to security plans to ensure commitment to the new requirements is minimal.

    The Potential Impact of Differences in Facility Type, Design, or Age on the Relevance and Practicality of the Backfit.

    None.

    Whether the Backfit is Interim or Final and, if Interim, the Justification for Imposing the Backfit on an Interim Basis.

    The backfit is final.

    XIII. Congressional Review Act

    Under the Congressional Review Act of 1996, the NRC has determined that this action is not a major rule and has verified this determination with the Office of Information and Regulatory Affairs of OMB.

    Start List of Subjects

    List of Subjects in 10 CFR Part 95

    • Classified information
    • Criminal penalties
    • Reporting and recordkeeping requirements
    • Security measures
    End List of Subjects

    For the reasons set forth in the preamble and under the authority of the Atomic Energy Act of 1954, as amended; the Energy Reorganization Act of 1974, as amended; and 5 U.S.C. 552 and 553; the NRC is adopting the following amendments to 10 CFR part 95.

    Start Part

    PART 95—FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA

    End Part Start Amendment Part

    1. The authority citation for part 95 continues to read as follows:

    End Amendment Part Start Authority

    Authority: Atomic Energy Act Secs. 145, 161, 223, 234 (42 U.S.C. 2165, 2201, 2273, 2282); Energy Reorganization Act sec. 201 (42 U.S.C.5841); Government Paperwork Elimination Act sec. 1704 (44 U.S.C. 3504 note); E.O. 10865, as amended, 3 CFR 1959-1963 Comp., p. 398 (50 U.S.C. 401, note); E.O. 12829, 3 CFR, 1993 Comp., p. 570; EO 13526, 3 CFR 2010 Comp., pp. 298-327; E.O. 12968, 3 CFR, 1995 Comp., p. 391; E.O. 13526, 3 CFR, 2010 Comp., p. 298.

    End Authority Start Amendment Part

    2. Revise § 95.33 to read as follows:

    End Amendment Part
    Security education.

    All cleared employees must be provided with security training and briefings commensurate with their involvement with classified information. The facility official(s) responsible for the program shall determine the means and methods for providing security education and training. A licensee or other entity subject to part 95 may obtain defensive security, threat awareness, and other education and training information and material from their Cognizant Security Agency (CSA) or other appropriate sources.Start Printed Page 48042

    (a) Facility Security Officer Training. Licensees or other entities subject to part 95 are responsible for ensuring that the Facility Security Officer, and other personnel performing security duties, complete security training deemed appropriate by the CSA. Training requirements must be based on the facility's involvement with classified information and may include a Facility Security Officer Orientation Course and, for Facility Security Officers at facilities with safeguarding capability, a Facility Security Officer Program Management Course. Training, if required, should be completed within 1 year of appointment to the position of Facility Security Officer.

    (b) Government-Provided Briefings. The CSA is responsible for providing initial security briefings to the Facility Security Officer, and for ensuring that other briefings required for special categories of information are provided.

    (c) Temporary Help Suppliers. A temporary help supplier, or other contractor who employs cleared individuals solely for dispatch elsewhere, is responsible for ensuring that required briefings are provided to their cleared personnel. The temporary help supplier or the using licensee's, certificate holder's, or other person's facility may conduct these briefings.

    (d) Classified Information Nondisclosure Agreement (SF-312). The SF-312 is an agreement between the United States and an individual who is cleared for access to classified information. An employee issued an initial access authorization must, in accordance with the requirements of § 25.23 of this chapter, execute an SF-312 before being granted access to classified information. The Facility Security Officer shall forward the executed SF-312 to the CSA for retention. If the employee refuses to execute the SF-312, the licensee or other facility shall deny the employee access to classified information and submit a report to the CSA. The SF-312 must be signed and dated by the employee and witnessed. The employee's and witness' signatures must bear the same date.

    (e) Access to Classified Information. Employees may have access to classified information only if:

    (1) A favorable determination of eligibility for access has been made with respect to such employee by the CSA;

    (2) The employee has signed an approved non-disclosure agreement; and

    (3) The employee has a need-to-know the information.

    (f) Initial Security Briefings. Initial training shall be provided to every employee who has met the standards for access to classified information in accordance with paragraph (e) of this section before the employee is granted access to classified information. The initial training shall include the following topics:

    (1) A Threat Awareness Briefing;

    (2) A Defensive Security Briefing;

    (3) An overview of the security classification system;

    (4) Employee reporting obligations and requirements; and

    (5) Security procedures and duties applicable to the employee's job.

    (g) Refresher Briefings. The licensee or other entities subject to part 95 shall conduct refresher briefings for all cleared employees at least annually. As a minimum, the refresher briefing must reinforce the information provided during the initial briefing and inform employees of appropriate changes in security regulations. This requirement may be satisfied by use of audio/video materials and/or by issuing written materials to cleared employees.

    (h) Persons who apply derivative classification markings shall receive training specific to the proper application of the derivative classification principles of Executive Order 13526, Classified National Security Information (75 FR 707; January 5, 2010), before derivatively classifying information and at least once every 2 years thereafter.

    (i) Debriefings. Licensee and other facilities shall debrief cleared employees at the time of termination of employment (discharge, resignation, or retirement); when an employee's access authorization is terminated, suspended, or revoked; and upon termination of the Facility Clearance.

    (j) Records reflecting an individual's initial and refresher security orientations and security termination must be maintained for 3 years after termination of the individual's access authorization.

    Start Signature

    Dated at Rockville, Maryland, this 23rd day of July, 2013.

    For the Nuclear Regulatory Commission.

    R. William Borchardt,

    Executive Director for Operations.

    End Signature End Supplemental Information

    [FR Doc. 2013-18947 Filed 8-6-13; 8:45 am]

    BILLING CODE 7590-01-P

Document Information

Effective Date:
10/21/2013
Published:
08/07/2013
Department:
Nuclear Regulatory Commission
Entry Type:
Rule
Action:
Direct final rule.
Document Number:
2013-18947
Dates:
This rule is effective October 21, 2013 unless significant adverse comments are received by September 6, 2013.
Pages:
48037-48042 (6 pages)
Docket Numbers:
NRC-2011-0268
RINs:
3150-AJ07: Update Part 95 Classification Training Requirements [NRC-2011-0268]
RIN Links:
https://www.federalregister.gov/regulations/3150-AJ07/update-part-95-classification-training-requirements-nrc-2011-0268-
Topics:
Classified information, Reporting and recordkeeping requirements, Security measures
PDF File:
2013-18947.pdf
CFR: (1)
10 CFR 95.33